<?php
	include('secure_db.php');
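	session_start();

	/*
	 * Product-creation handler.
	 *
	 * Reads the product form fields from $_POST and the picture from
	 * $_FILES['Picture'], inserts a row into Product, stores the picture as
	 * picture/<ID>.<extension>, then always redirects to store-myproducts.php.
	 *
	 * NOTE(review): the only caller check made here is that a store name is
	 * present in the session, and no anti-CSRF token is verified in this
	 * script; confirm both are enforced as intended elsewhere.
	 */

	/* Every form field must be present, and the request must carry a store name in the session. */
	$requiredFields = array('Name', 'Price', 'Availability', 'Category', 'Description');
	$formComplete = isset($_SESSION['name']);
	foreach ($requiredFields as $field) {
		if (!isset($_POST[$field])) {
			$formComplete = false;
			break;
		}
	}

	/* The upload entry itself may be missing, so test it before reading its keys. */
	$uploadOk = isset($_FILES['Picture']['error'], $_FILES['Picture']['size'], $_FILES['Picture']['name'], $_FILES['Picture']['tmp_name'])
		&& $_FILES['Picture']['error'] === UPLOAD_ERR_OK
		&& $_FILES['Picture']['size'] <= 1000000;

	if ($formComplete && $uploadOk) {

		/*
		 * Allowlist of extensions, each mapped to the image type the file
		 * content must actually have. The client-supplied name is used only
		 * to derive the extension; it never becomes part of the stored path.
		 */
		$allowedTypes = array(
			'png'  => IMAGETYPE_PNG,
			'jpeg' => IMAGETYPE_JPEG,
			'jpg'  => IMAGETYPE_JPEG,
		);
		$extension = strtolower((string) pathinfo($_FILES['Picture']['name'], PATHINFO_EXTENSION));

		/*
		 * The extension alone is attacker-controlled, so the content is also
		 * parsed as an image and must match the declared type. This is a
		 * sanity check, not a guarantee: the picture/ directory should still
		 * be served without script execution.
		 */
		$imageInfo = false;
		if (isset($allowedTypes[$extension])) {
			$imageInfo = getimagesize($_FILES['Picture']['tmp_name']);
		}

		if ($imageInfo !== false && $imageInfo[2] === $allowedTypes[$extension]) {

			include("connection_mysqli.php");

			$req = $connexion->prepare('INSERT INTO Product(StoreName,name,picture_type,availability,description,category,price) VALUES(?,?,?,?,?,?,?)');
			if ($req !== false) {
				/*
				 * NOTE(review): these values are already bound as statement
				 * parameters; if Secure::db() escapes for SQL the stored text
				 * may end up double-escaped. Confirm what Secure::db() does.
				 */
				$val1 = $_SESSION['name'];
				$val2 = Secure::db($_POST['Name']);
				$val3 = Secure::db($extension);
				$val4 = Secure::db($_POST['Availability']);
				$val5 = Secure::db($_POST['Description']);
				$val6 = Secure::db($_POST['Category']);
				$val7 = Secure::db($_POST['Price']);
				$req->bind_param("ssssssd", $val1, $val2, $val3, $val4, $val5, $val6, $val7);
				$inserted = $req->execute();

				/*
				 * Take the ID the database assigned to this row instead of
				 * guessing MAX(ID)+1 beforehand: the guess is wrong after
				 * deletions and races with concurrent inserts, which would
				 * attach the picture to another product.
				 * Assumes Product.ID is AUTO_INCREMENT (the INSERT supplies no
				 * ID); confirm against the schema.
				 */
				$id = (int) $connexion->insert_id;
				$req->close();

				/* Store the picture only for a row that was really created. */
				if ($inserted && $id > 0) {
					$path = 'picture/'.$id.'.'.$extension;
					if (!move_uploaded_file($_FILES['Picture']['tmp_name'], $path)) {
						error_log('Product picture could not be stored for product ID '.$id);
					}
				}
			}
			$connexion->close();
		}
	}

	/* Redirect in every case; stop here so nothing runs after the header. */
	header('Location: store-myproducts.php');
	exit;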
	
?>